<?
include('./header.inc');
include('./database.inc');

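// Handles the "edit user" form post: validates the request, checks that the
// current session may edit the target account, then updates the users table.
// notify() and the database connection come from the included files.

// Reject direct visits before any other POST field is read.
if (!isset($_POST['submitted'])){
	header( 'Location: ./users.php?' ) ;
	die();
}

// NOTE(review): no anti-CSRF token is verified in this script. Unless
// header.inc already does so, this state-changing POST should require one.

// A missing, empty or non-string uid cannot name an account. Rejecting it here
// also stops an empty uid from "matching" an unset $_SESSION['uid'] below.
if (!isset($_POST['uid']) || !is_string($_POST['uid']) || $_POST['uid'] === ''){
	notify("error", "You do not have permission to edit this user");
	header( 'Location: ./users.php' ) ;
	die();
}

$rawUid = $_POST['uid'];
// Escape per context: SQL escaping for the query, URL encoding for redirects.
$uid = mysql_real_escape_string($rawUid);
$uidForUrl = rawurlencode($rawUid);

// Accept only the two representations the original loose test was meant to
// match. On PHP < 8, `0 == "true"` is true, so a loose comparison would treat
// an integer 0 flag as superuser.
$isSuperuser = isset($_SESSION['superuser'])
	&& ($_SESSION['superuser'] === "true" || $_SESSION['superuser'] === true);

// Non-superusers may edit only their own account. Compare as strings so that
// numeric-string juggling ("1e1" == "10") cannot satisfy the ownership check.
$ownsAccount = isset($_SESSION['uid']) && (string)$_SESSION['uid'] === $rawUid;

if (!$isSuperuser && !$ownsAccount){
	notify("error", "You do not have permission to edit this user");
	header( 'Location: ./users.php' ) ;
	die();
}

// All three fields must be present, non-empty strings (array-valued fields
// such as password[]=x would otherwise reach md5() and the query).
foreach (array('username', 'password', 'passwordconfirm') as $field){
	if (empty($_POST[$field]) || !is_string($_POST[$field])){
		notify("error", "Please Complete All Fields");
		header( 'Location: ./edituser.php?uid='.$uidForUrl ) ;
		die();
	}
}

// Strict comparison: with `!=`, numeric-looking passwords such as "1e3" and
// "1000" compare equal and a mistyped confirmation would be accepted.
if ($_POST['password'] !== $_POST['passwordconfirm']){
	notify("error", "Password Fields Did Not Match");
	header( 'Location: ./edituser.php?uid='.$uidForUrl ) ;
	die();
}

$username = mysql_real_escape_string($_POST['username']);

// NOTE(review): md5() is an unsalted, fast hash and is not suitable for
// password storage. Moving to password_hash()/password_verify() has to be done
// together with the login code and the password column width, neither of which
// is visible from this script, so the stored format is left unchanged here.
$password = md5($_POST['password']);

// NOTE(review): the mysql_* extension was removed in PHP 7.0. Migrate this
// script and database.inc together to mysqli or PDO prepared statements.
if ($isSuperuser){
	// The superuser flag is only ever written by a superuser session. An
	// absent field is stored as '' as before.
	// NOTE(review): consider restricting this to the known flag values.
	$superuser = (isset($_POST['superuser']) && is_string($_POST['superuser']))
		? mysql_real_escape_string($_POST['superuser'])
		: '';
	$query = "UPDATE users SET username = '$username',  password = '$password', superuser = '$superuser' WHERE user_id = '$uid'";
} else {
	$query = "UPDATE users SET username = '$username',  password = '$password' WHERE user_id = '$uid'";
}
$result = mysql_query($query);

// Do not report success when the UPDATE failed. Driver error text is kept out
// of the user-facing message.
if ($result === false){
	notify("error", "User Could Not Be Updated");
	header( 'Location: ./edituser.php?uid='.$uidForUrl ) ;
	die();
}

// Show the name as typed rather than the SQL-escaped copy.
// NOTE(review): confirm notify() HTML-encodes its message before rendering.
notify("success", "User \"".$_POST['username']."\" Updated");
header( 'Location: ./users.php' ) ;
die();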

?>